Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

sex sites added to bottom of favourites bar

Started by diggerbarnes , May 10 2005 04:37 PM

  • This topic is locked This topic is locked

#1
diggerbarnes
Posted 10 May 2005 - 04:37 PM

diggerbarnes

    New Member

  • Member
  • Pip
  • 8 posts
Hello there.

I'm quite a novice and completely new to this site, but here are some details which I hope may be of help:

The Wannadoo home page comes up blank and with the title "about blank".
3 sex-related sites are added to bottom of favourites drop down list.
AVG reports many '.exe' files repeatedly, especially after going on online.
Full AVG scan revealed 16 "trojan horse" things, 14 in C/windows, and 2 in C/Windows/system.
(examples: wp.exe, mskmidi.exe, javapb.exe, iedp32.exe, etc) - all are listed as 'Downloader Agent 11or 12. BA or H or Q or D' except for 'mskmidi.exe' which is listed as a trojan horse 'starter page.18.2'

Adaware reveals 27 critical objects, 25 of which are 'coolwebsearch' related.
Coolwebsearch (last merijin version) ran - nothing.
New/updated Cwshredder ran - nothing.

Here is my HijackThis log:

Logfile of HijackThis v1.95.0
Scan saved at 22:52:30, on 10/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\VARIOUS FREEWARE - RECOMMENDED UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O2 - BHO: (no name) - {94E17571-D9E8-A5B3-5EB9-0650B535AD4D} - C:\WINDOWS\SYSTEM\SYSTG32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm
O9 - Extra 'Tools' menuitem: Dolphin Links Naviga&tor (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.furness.a...sses/CFJava.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.cabourg.n...sCamControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z....llInstaller.exe



Really hope someone can help.

Thanks in advance.

diggerbarnes.
  • 0

Advertisements

#2
linuxwannabee
Posted 14 May 2005 - 02:46 AM

linuxwannabee

    Member

  • Member
  • PipPipPip
  • 125 posts
*Edited by an Admin

Please do not ask members to start a new thread in the Malware forum. instead, please let a Mod or Admin know, and we will move the existing thread!

Edited by ~Kat~, 14 May 2005 - 03:04 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP